diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index d0570664f81f..e3bc37d9b1b5 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -1138,6 +1138,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 7641a39295dd..6854903ae835 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -1839,6 +1839,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index 5568bff8c43a..bfa6498b3efa 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -1282,6 +1282,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/journalbeat/journalbeat.reference.yml b/journalbeat/journalbeat.reference.yml index a2dc41621fa9..c4756f780274 100644 --- a/journalbeat/journalbeat.reference.yml +++ b/journalbeat/journalbeat.reference.yml @@ -1078,6 +1078,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/_meta/config.reference.yml b/libbeat/_meta/config.reference.yml index 3c5722181001..00a4590e72c6 100644 --- a/libbeat/_meta/config.reference.yml +++ b/libbeat/_meta/config.reference.yml @@ -1026,6 +1026,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index 0a6eb3cf8df0..605bd0403158 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc @@ -48,6 +48,13 @@ endif::win_only[] TIP: In addition to setting logging options in the config file, you can modify the logging output configuration from the command line. See <>. + +ifndef::win_only[] +WARNING: When {beatname_uc} is running on a Linux system with systemd, it uses +by default the `-e` command line option, that makes it write all the logging output +to stderr so it can be captured by journald. Other outputs are disabled. See +<> to know more and learn how to change this. +endif::win_only[] endif::serverless[] ifdef::serverless[] @@ -77,6 +84,12 @@ You can specify the following options in the `logging` section of the +{beatname_lc}.yml+ config file: ifndef::serverless[] +[float] +==== `logging.to_stderr` + +When true, writes all logging output to standard error output. This is +equivalent to using the `-e` command line option. + [float] ==== `logging.to_syslog` diff --git a/libbeat/docs/shared-systemd.asciidoc b/libbeat/docs/shared-systemd.asciidoc index 25f0c08ece6a..cf028b9573f2 100644 --- a/libbeat/docs/shared-systemd.asciidoc +++ b/libbeat/docs/shared-systemd.asciidoc @@ -80,8 +80,8 @@ would override `BEAT_LOG_OPTS` to enable debug for Elasticsearch output. Environment="BEAT_LOG_OPTS=-e -d elasticsearch" ------------------------------------------------ -To use settings from the {beatname_uc} file, empty the environment -variable. For example: +To change the logging output from the {beatname_uc} configuration file, empty +the environment variable. For example: ["source", "systemd", subs="attributes"] ------------------------------------------------ diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 4514890d3b34..1d7573247afb 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -1767,6 +1767,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 772ad0c38672..ba93fc6d3cc7 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -1506,6 +1506,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index f46be1539197..80d80b50690b 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -1059,6 +1059,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index 02183b8dd7c7..fd52c15c0378 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -1189,6 +1189,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index ad36f8b46482..88fbf50d7451 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1987,6 +1987,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 6d3e7654fa4f..f10428ecd2ea 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -1197,6 +1197,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 68f52ef85d02..929afc581762 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -1833,6 +1833,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index f3712e72d618..325d512f1395 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -1071,6 +1071,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false